Merge branch 'PHP-8.4'

* PHP-8.4:
  Fix GH-19792: SCCP causes UAF for return value if both warning and exception are triggered

Zend/Optimizer/sccp.c

@@ -838,9 +838,7 @@ static inline zend_result ct_eval_func_call_ex(
 		zval_ptr_dtor(result);
 		zend_clear_exception();
 		retval = FAILURE;
-	}
-
-	if (EG(capture_warnings_during_sccp) > 1) {
+	} else if (EG(capture_warnings_during_sccp) > 1) {
 		zval_ptr_dtor(result);
 		retval = FAILURE;
 	}

ext/opcache/tests/opt/gh19792.phpt

@@ -0,0 +1,27 @@
+--TEST--
+GH-19792 (SCCP causes UAF for return value if both warning and exception are triggered)
+--EXTENSIONS--
+opcache
+zend_test
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.optimization_level=-1
+--FILE--
+<?php
+
+function foo()
+{
+    return \zend_test_gh19792();
+}
+
+try {
+    foo();
+} catch (Error $e) {
+    echo $e->getMessage(), "\n";
+}
+
+?>
+--EXPECTF--
+Warning: a warning in %s on line %d
+an exception

ext/zend_test/test.c

@@ -1731,3 +1731,12 @@ static PHP_FUNCTION(zend_test_opcache_preloading)
 
 	RETURN_BOOL(opcache_preloading());
 }
+
+static PHP_FUNCTION(zend_test_gh19792)
+{
+	ZEND_PARSE_PARAMETERS_NONE();
+
+	RETVAL_STRING("this is a non-interned string");
+	zend_error(E_WARNING, "a warning");
+	zend_throw_error(NULL, "an exception");
+}

ext/zend_test/test.stub.php

@@ -344,6 +344,9 @@ function zend_test_override_libxml_global_state(): void {}
     function zend_test_opcache_preloading(): bool {}
 
     function zend_test_uri_parser(string $uri, string $parser): array { }
+
+    /** @compile-time-eval */
+    function zend_test_gh19792(): void {}
 }
 
 namespace ZendTestNS {

ext/zend_test/test_arginfo.h

@@ -1,5 +1,5 @@
 /* This is a generated file, edit the .stub.php file instead.
- * Stub hash: eb624df6b39083abc81b8636e965370cea9e093f */
+ * Stub hash: 6bccdc2444e6a68ba615fc281235a4551d0b8819 */
 
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_zend_trigger_bailout, 0, 0, IS_NEVER, 0)
 ZEND_END_ARG_INFO()
@@ -195,6 +195,8 @@ ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_zend_test_uri_parser, 0, 2, IS_A
 	ZEND_ARG_TYPE_INFO(0, parser, IS_STRING, 0)
 ZEND_END_ARG_INFO()
 
+#define arginfo_zend_test_gh19792 arginfo_zend_test_void_return
+
 #define arginfo_ZendTestNS2_namespaced_func arginfo_zend_test_is_pcre_bundled
 
 #define arginfo_ZendTestNS2_namespaced_deprecated_func arginfo_zend_test_void_return
@@ -338,6 +340,7 @@ static ZEND_FUNCTION(zend_test_compile_to_ast);
 static ZEND_FUNCTION(zend_test_gh18756);
 static ZEND_FUNCTION(zend_test_opcache_preloading);
 static ZEND_FUNCTION(zend_test_uri_parser);
+static ZEND_FUNCTION(zend_test_gh19792);
 static ZEND_FUNCTION(ZendTestNS2_namespaced_func);
 static ZEND_FUNCTION(ZendTestNS2_namespaced_deprecated_func);
 static ZEND_FUNCTION(ZendTestNS2_ZendSubNS_namespaced_func);
@@ -468,6 +471,15 @@ static const zend_function_entry ext_functions[] = {
 	ZEND_FE(zend_test_gh18756, arginfo_zend_test_gh18756)
 	ZEND_FE(zend_test_opcache_preloading, arginfo_zend_test_opcache_preloading)
 	ZEND_FE(zend_test_uri_parser, arginfo_zend_test_uri_parser)
+#if (PHP_VERSION_ID >= 80400)
+	ZEND_RAW_FENTRY("zend_test_gh19792", zif_zend_test_gh19792, arginfo_zend_test_gh19792, ZEND_ACC_COMPILE_TIME_EVAL, NULL, NULL)
+#else
+#if (PHP_VERSION_ID >= 80200)
+	ZEND_RAW_FENTRY("zend_test_gh19792", zif_zend_test_gh19792, arginfo_zend_test_gh19792, ZEND_ACC_COMPILE_TIME_EVAL)
+#elif (PHP_VERSION_ID >= 80000)
+	ZEND_RAW_FENTRY("zend_test_gh19792", zif_zend_test_gh19792, arginfo_zend_test_gh19792, 0)
+#endif
+#endif
 #if (PHP_VERSION_ID >= 80400)
 	ZEND_RAW_FENTRY(ZEND_NS_NAME("ZendTestNS2", "namespaced_func"), zif_ZendTestNS2_namespaced_func, arginfo_ZendTestNS2_namespaced_func, 0, NULL, NULL)
 #else